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Overview Mello 





= Where is the industry in general as of early 2021? 





= Beyond the SAE Levels ABE 


e Role of human vs. technology @o IIe 


= Industry trends for 2021 
e Role of standards 
e Technical challenges 
e Organizational challenges 
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Low Speed Shuttles Mellon 
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NHTSA lifts suspension of 
EasyMile vehicles 


= Low speed shuttles 

e Up to 15 passengers 

e Fixed route at perhaps 5-10 mph 

e Demonstrations in cities worldwide 
= Safety approach — 

e Slow speed limits kinetic energy id 

e Often anon-driver safety conductor _ — 
= Example Mishaps 

e Shuttle hit by backing truck (Las Vegas, 2017) 

e False alarm emergency stop with passenger injury (Ohio 2020) 





By Cailin Crowe 
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Parcel Delivery Ses 
Nuro Gets First Commercial 
= Parcels to SEES, houses Autonomous Vehicle Permit in 
e Short range delivery California 


Prepare yourself mentally to see a Prius driving itself if you live in the Bay Area. 


e Roads, bike lanes, sidewalks 

e Demonstrations in several cities 
= Safety approach 

e Early: trailing vehicle 

e Later: remote human 
= Example Incidents 

e Sidewalk bot blocks wheelchair ramp (Pittsburgh, 201 9) 

e Tension over use of sidewalk space 
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Driver-Monitored Automation Mellon 
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NTSB: Tesla Autopilot, distracted driver caused fatal 


= Automated driving of car ortruck gras 


By TOM KRISHER | February 25, 2020 


https://bit.ly/3bnk3EZ 


e Continuous driver supervision 
e OEMs in production already 
= Safety approach 
e Human driver monitors automation 
e Human driver responsible for safety 
= Example Mishaps 
e Multiple fatal Tesla crashes 
— Issue: driver complacency 
— Issue: under 10 seconds from OK to fatal crash 
e Tempe Arizona fatality in testing (Tempe, 2018) 
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Fully Autonomous Operation See 


Waymo’s robo-taxi service 
opens to the public in Phoenix 


f ¥ in 








= Fleet vehicles 
e Waymo robotaxis deployed a limited scale 







e Middle-mile trucks gained interest in 2020 —— 

e Many players pushing hard in this area | a> 
= Safety approach —| 

e Early: Human safety driver nttps://bit.ly/39}4yec 


e Later: Human on-call if car asks for help 


= Example incidents 
e California reports indicate minor incidents in testing 
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Industry Trends Mellon 
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= Consolidation in the “race” to autonomy 
e It takes huge resources to succeed 
e Trend to OEM + ADS supplier teaming , 
e Smaller players fail, team, or acquired over time ’“« 
= Fully autonomous pivot toward freight 
e Low kinetic energy for last mile service 
e Middle mile highways less chaotic than urban 
m Shift of “SAE Level 3” vehicles to L3+ = 
e Strict L3 means human driver supervision —/ oni. een 
e OEMs shifting to L3+ with car safe stopping on its own 
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A User-Centric Classification 
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Standards-Based Engineering Approach Civersty 
Safety Beyond 
Seay, LL 4600 Dynamic 
Driving 
DYNAMIC ISO/PAS  SaFAD/ISO_ Environment & J 
DRIVING 21448  TR4804 _ Edge Cases ae 
FUNCTION AUTOMATED 
VEHICLE 
FUNCTIONAL ISO Equipment SAFETY 
SAFETY 26262 Faults CASE 
CYBER- SAE SAE Computer UL 4600 
SECURITY J3061 21434 Security 
Basic 
SAFETY FMVSS = NCAP _ Vehicle 
Functions 
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2021 Technical Safety Oa ie 


https:// ee ee 


= Perception & prediction 
e Safety of machine learning-based functions 
e Need more than object motion tracking 
= Safety of Intended Function (SOTIF) 
e Drive/Fix/Drive iteration with lots of testing 
— Waymo: 6M test miles; 65K deployed miles 
e How will safety be argued for larger fleets? 
— Likely will involve UL 4600 concepts and safety cases 
= Getting from “works OK’ to “safe” 
e You can brute force the first few “nines” ... but not all of them. 
e Field feedback into safety cases 
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Developing Trust for Full Automation Mellon 
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= Still an open world with unknowns & changes 
e Want “Positive Risk Balance” (safer than human driver) 
e But... 20 human driver responsible 
= Use Positive Trust Balance TRUSTWORTHY POSITIVE RISK BALANCE 


e Engineering rigor 
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e Practicable validation < x 2 x 

e Strong safety culture - a 7 7 

.. and ... = Op S uw 
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e Field feedback a = 

to handle SUFpPFISes Engineering Validation Safety 
Rigor Culture 
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Safety Arguments (Safety Case) Mellon 
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= Claim — a property of the system 


e “System avoids pedestrians’ CLAIM 


= Argument —- why this is true 





e “Detect & maneuver to avoid” Pere 
=m Evidence — supports argument ; : - 
e Tests, analysis, simulations, ... 
= Sub-claims/arguments address 
complexity 


e “Detects pedestrians’ // evidence 
e “Maneuvers around detected pedestrians’ // evidence 
e “Stops if can't maneuver’ // evidence 
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Safety Performance Indicators (SPIs) Mellon 
= SPls monitor the validity of safety case claims (UL 4600) 


LAGGING Vehicle is Safe ~ 
METRICS 


OS 












oun Avoids Crashes \” 
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7 Detects Objects <i» 
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CLAIMS-ONLY 
VIEW OF 
SAFETY CASE 
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Examples of SPls Mellon 
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m “Acts dangerously’ is only one dimension of SPlIs 
e Violation rate of pedestrian buffer zones 
e Time spent too close per following distance math 
= Components meet safety related requirements 
e False negative/positive detection rates 
e Correlated multi-sensor failure rates 
= Design & Lifecycle considerations 
e Design process quality defect rates 
e Maintenance & inspection defect rates 
= Is it relevant to safety? = Safety Case => SPls 
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2021 Safety Themes University 


7 - 








= Positive Trust Balance: | 
e Engineering Rigor, Validation, Feedback, Safety Culture 
e Standards-driven safety 
e Transparency 


= Safety Performance Indicators (SPIs) 
e Continual improvement & updates 
e Field feedback: development; deployed 


=> 


= Scalability past pilot vehicles 
e Accurate perception/prediction is still work in progress 
e Transition from brute force data to safety case approach 
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2021 Organizational Safety SiC a, 
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a Significant pressure to deploy Sit 2d 
e Flurry of empty driver seat demos in late 2020 | \ 2 ah 
e Can teams take the time needed for safety? | > a 
€] 






= Industry transparency needed 
e Safety collaboration rather than competition 
e Public trust in face of an adverse news event 


https://youtu.be/nhqyrze30bk 
Yandex demo video, 


= Ensuring robust safety cultures ann Arbor Ml, Aug 2020 


e Silicon Valley culture + automotive culture + no human driver 
e We need to get this right to succeed! 
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